Presentation on theme: "CSA 223 network and web security Chapter one"— Presentation transcript:
1 CSA 223 network and web security
Chapter one: What is information security?
Look at:
- Define information security.
- Define security as a process, not a point product.
2 Define information security
Information is knowledge obtained from investigation, study, instruction, news or facts. Security is freedom from danger; safety; freedom from fear. Information security is the measures adopted to prevent the unauthorized use, misuse, modification, or denial of use of knowledge, facts, data, or capability. Or it is the steps you take to guard your information.
3 Define information security
People are the weakest link in securing the organization's information. Information security will not guarantee the safety of the organization, information, or computer systems. Security is a process, not a product. A single layer of security cannot ensure good security. Effective security is achieved by a combination of all security disciplines. Do not rely on a single product for all security; you must use a layered approach.
4 Define information security
Information security is a mindset: examine the threats to the organization. With this mindset, the user of information should feel confident and comfortable with the security process used by an organization. There is currently no effective process to certify computer systems.
5 History of security
- Physical security: all assets and important information were physical. To protect these assets, physical security was used, such as walls, moats, and guards.
- Communication security: use of an encryption system (cipher) allowed messages to be sent that could not be read if they were intercepted.
- Emissions security.
- Computer security.
- Network security.
- Information security.
6 Define security as process
Many different products and types of products are necessary to fully protect an organization. Some of these technologies and products include:
- Anti-virus software.
- Access controls.
- Policy management.
- Firewalls.
- Biometrics.
- Vulnerability scanning.
- Encryption.
7 Anti-virus
The goal of anti-virus is to reduce the exposure of the organization to malicious code. Anti-virus software will not protect an organization from an intruder who misuses a legitimate program to gain access to the system.
8 Access control
Access control is the capability to restrict access to files based on the ID of the user. Access control can restrict legitimate users from accessing files they should not have access to. Authenticating a user’s access is accomplished by using any combination of something you know, something you have, or something you are.
9 Policy management and intrusion detection
Policies and procedures are important components of a good security program, and the management of policies across computer systems is equally important. Using a policy management system, an organization can be made aware of any system that does not conform to policy. Intrusion detection identifies when someone is doing something wrong and stops them. Intrusion detection systems are not foolproof and cannot replace security practices.
10 Firewalls
Firewalls are access control devices for the network and can assist in protecting an organization’s internal network from external attacks. By their nature, firewalls are border security products, meaning that they exist on the border between the internal network and the external network. Although firewalls provide protection from attackers, they cannot prevent an attack from using an allowed connection.
11 Biometrics
Biometrics uses biological elements to authenticate the user’s access. Biometrics are yet another authentication mechanism, and they too can reduce the risk of someone guessing a password. Types of biometric scanners include fingerprint, face recognition and voice. Each method usually requires some type of device to identify human characteristics.
12 Encryption
Encryption is the primary mechanism for communications security. Encryption might even protect information that is in storage by encrypting files. The encryption system will not differentiate between legitimate and illegitimate users if both present the same keys to the encryption algorithm. Therefore, encryption by itself will not provide security. Encryption needs controls on the encryption keys and on the system as a whole.
13 Vulnerability scanning and physical security
Scanning computer systems for vulnerabilities is an important part of a good security program. Vulnerability scanning will not detect legitimate users who may have inappropriate access. Physical security is the one product category that could provide complete protection to computer systems and information. Employees must have access to computers and information in order for the organization to function; therefore, physical security must allow some people to gain access. In this case, physical security will not protect systems from attacks that use legitimate access.
14 Chapter two: Types of attacks
Look at:
- Access attacks.
- Modification attacks.
- Denial-of-service attacks.
- Repudiation attacks.
15 Types of attacks
There are four primary categories of attacks:
- Access attacks.
- Modification attacks.
- Denial-of-service attacks.
- Repudiation attacks.
16 2.1 Access attack
An access attack is an attempt to gain information that the attacker is not authorized to see. This attack can occur wherever the information resides or may exist during transmission. This type of attack is an attack against the confidentiality of the information. There are three kinds of this attack:
- Snooping
- Eavesdropping
- Interception
17 2.1.1 Snooping
Snooping is looking through information files in the hopes of finding something interesting. If the files are on a computer system, an attacker may attempt to open one file after another until information is found.
[Figure labels: information stored on media; information on local hard drive and left in the office or on backups taken off-site; desktop computer]
18 2.1.2 Eavesdropping
When someone listens in on a conversation that they are not a part of, that is eavesdropping. To gain unauthorized access to information, an attacker must position himself at a location where information of interest is likely to pass by. Wireless networks have increased the opportunity to perform eavesdropping.
[Figure: mainframe; attacker’s computer. Traffic from the desktop to the mainframe travels over the local area network. The attacker can listen in on the session from the desktop by attaching to the same local area network.]
19 2.1.3 Interception
Interception is an active attack against the information. When an attacker intercepts information, he is inserting himself in the path of the information and capturing it before it reaches its destination. The attacker may allow the information to continue to its destination or not. Information access using interception is the most difficult option for an attacker.
20 How access attacks are accomplished
If access control permissions are set properly, the unauthorized individual should be denied access. Correct permissions will prevent most casual snooping. There are many vulnerabilities that let an attacker succeed in accessing unauthorized data. An attacker uses a sniffer to eavesdrop on the transmission. A sniffer is a computer that is configured to capture all the traffic on the network. A sniffer can be installed after an attacker has increased his privileges on a system or if the attacker is allowed to connect his own system to the network.
21 2.2 Modification attack
A modification attack is an attempt to modify information that an attacker is not authorized to modify. The attacker may do one of the following:
- Changes: one type of modification attack is to change existing information, such as an attacker changing an existing employee’s salary.
- Insertion: when an insertion attack is made, information that did not previously exist is added. For example, an attacker might choose to add a transaction in a banking system that moves funds from a customer’s account to his own.
- Deletion: a delete attack is the removal of existing information.
22 How modification attacks are accomplished
If the attacker has access to files, modifications can be made. If the attacker does not have authorized access to files, the attacker would first have to increase his access to the system or remove the permission on the file. The attacker uses a vulnerability on the computer system to access the system or files. Then the attacker can modify the file data. The attacker exploits a vulnerability on the server and replaces the homepage with something new.
23 Define Denial-of-Service Attacks
Denial-of-Service (DoS) attacks are attacks that deny the use of resources to legitimate users of the system, information, or capabilities. DoS is nothing more than vandalism. Denial of access may occur on:
- Information: denial of access to information causes the information to be unavailable.
- Application: denial of access to applications is normally an attack against a computer system running the application.
- Systems: denial of access to systems causes all information that is stored on the system to become unavailable.
24 How Denial-of-Service Attacks are accomplished
DoS attacks against information can be made by simply turning off the system. Turning off the system will also cause an attack against the system. In DoS attacks against an application, the attacker sends a predefined set of commands to the application that the application is not able to process properly. The application will likely crash.
25 Repudiation
A repudiation attack is an attempt to give false information or to deny that a real event or transaction should have occurred. An attacker may masquerade as another person to collect information or interrupt normal operations.